Modern computational science is becoming increasingly collaborative as scientists utilize remote shared facilities, including instruments, compute resources, and data repositories. Department of Energy (DOE) researchers have coined the term “superfacility” to describe an integration of two or more existing facilities using high-performance networks and data management software in order to increase scientific output. Currently, superfacilities are purpose-built manually for a specific scientific application or community, limiting their use to large projects that are long-lived. Recent advances in campus science networks (Science DMZs) and federated Infrastructure-as-a-Service, as in NSF GENI, provide the basic building blocks to enable construction of dynamic superfacilities on demand. Automating the creation of superfacilities reduces their cost but introduces new security challenges. By design, their dynamic network links bypass campus security appliances in order to maintain a friction-free network path; security for these paths is typically addressed by managing interconnections manually. This project creates a framework to automate, authorize, and monitor end-to-end connectivity across dynamic superfacilities, bringing this technology to a wider range of scientists.
The SAFE Superfacilities project brings together researchers and IT support organizations from RENCI/UNC Chapel Hill, Duke University, and DOE/ESnet. The goal of this project is to generalize support for stitching dynamic network circuits by providing the authorization and security monitoring necessary to enable general, dynamic, and safe interconnections as a foundational building block for Science DMZs, Software Defined Exchanges (SDX), and superfacilities. One element of the project focuses on using the SAFE logical trust system to authorize dynamic stitching of network links in two systems developed, deployed, and operated by the researchers and their collaborators: the ExoGENI testbed and Duke’s Software-Defined Science Network (SDSN) campus network exchange. A second element addresses dynamic out-of-band security monitoring of traffic over these links. The project serves as a model for improving security while maintaining high-performance friction-free network paths between campus scientists and remote facilities.